After the latest hack attack, can feds trust Uncle Sam with their personal information?

For federal employees, the massive data breach at the Office of Personnel Management (OPM) raises a troubling question: Why should the government be trusted to protect their personal information?

OPM says a “cybersecurity incident,” revealed on Thursday, was detected in April. “Incident” is a small word for a big theft, a serious and far-reaching hijacking that endangers the personal information, including Social Security numbers, of 4 million current and former federal employees. The cybertheft began in December.

But it’s not the word choice that has federal workers and members of Congress upset. It’s the three Ts — trust, times and time.

On trust, “given the repeated major digital security failures and the lack so far of meaningful accountability, unless the Congress funds and the president takes swift and decisive corrective action, it is impossible to argue that federal employees should trust their employer with their personal information,” said Lee Stone, a NASA scientist and an International Federation of Professional and Technical Engineers officer.

Those repeated failures speak to the number of times the personal information of federal employees has been the target of digital intrusion across government, not just OPM.

“The number of reported information security incidents involving personally identifiable information (PII) has more than doubled over the last several years” at federal agencies, from 10,481 in fiscal year 2009 to 25,566 in 2013, the Government Accountability Office reported last year.

OPM, however, is in a particularly critical position because in some ways it functions like the government’s personnel office. An inspector general’s audit in November said “the drastic increase in the number of systems operating without a valid Authorization is alarming and represents a systemic issue of inadequate planning by OPM program offices to authorize the information systems that they own.”

Samuel Schumach, OPM’s press secretary, defended the agency, saying “OPM took action in February 2014 and developed an aggressive plan to bolster our IT networks and databases and adopt state-of-the-art security protocols.” He noted the audit “credited OPM for developing a plan to strengthen IT security policies” and “where the audit found certain weaknesses, OPM was at that time already planning and implementing certain upgrades and controls.”

If OPM is behind on cybersecurity, which it is, it has plenty of company. “For fiscal year 2014, 19 of 24 major federal agencies reported that deficiencies in information security controls constituted either a material weakness or significant deficiency in internal controls over their financial reporting,” GAO reported in April. “In addition, inspectors general at 23 of these agencies cited information security as a major management challenge for their agency.”

Another attack on an OPM database was discovered in March 2014. Employees weren’t informed until July, leading to complaints like those heard now about the third T – time – as in the time it takes for agencies to inform staffers about an attack.

Lucy Barber said she’s heard from colleagues about “the outrage [at] the delay between the government knowing about the breach and notifying employees.”

There is outrage in Congress, too. “OPM needs to do what they should have done weeks ago and personally contact each current and former employee impacted and provide all of their resources to help our civil servants deal with this intrusion,” said Rep. Don Beyer (D-Va.).

After learning of the latest intrusion in April, OPM worked with the Department of Homeland Security’s Computer Emergency Readiness Team “as quickly as possible to assess the extent of the malicious activity and to identify the records of individuals who may have been compromised,” Schumach said. “During the investigation, OPM became aware of potentially compromised data in May 2015. With any such event, it takes time to conduct a thorough investigation and identify the affected individuals.” OPM planned to begin contacting employees Monday.

As disturbing as all this is, at least the credit rating of feds might not be at risk. As my colleague Ellen Nakashima reported, the Chinese allegedly stole the information possibly to build their own database of federal employees, not to make bogus flat-screen television purchases at Target, which was the victim of an earlier hack attack.

Previous cyber-hits coupled with the recent one cause Congress, not just the rank and file, to worry about OPM’s ability to protect the workforce.

The latest “reported breach is part of a troubling pattern by this agency in failing to secure the personal data of federal employees – the second major breach in a year,” said Sen. Mark R. Warner (D-Va.). “. . . We cannot afford to keep dragging our feet in addressing the escalating threats posed by hackers out to steal individuals’ personal information.”

One scary thought from OPM: “Since the investigation is on-going, additional PII (personally identifiable information) exposures may come to light.”

Reviewed by Muhammad Hassnain on Sunday, June 07, 2015
